information security office & home it forum october 29, 2009 presenters: diane jachimowicz –...
TRANSCRIPT
Information SecurityOffice & Home
IT ForumOctober 29, 2009
Presenters:Diane Jachimowicz – Senior Technology Services AnalystAnthony Maszeroski – Information Security ManagerDanielle Morse – Associate Director, Desktop Services
House Keeping
• Sign In Sheet• Prizes• Speakers• Top 10 Office Security Tips• Agenda
Agenda• Personally Identifiable Information (PII)• Safer Web Browsing• Office Security• Student Use of Office PC’s• Passwords• Royal Drive• Encryption of Files• USB Encryption• McAfee AntiVirus• Home Tools• Q & A• Announcements/Prizes Awarded
Sensitive Information
• Any information which, if disclosed in an unauthorized manner, would cause damage or embarrassment to individuals or the University, or any information classified as internal/confidential or restricted.
Sensitive Information
• Loss Criteria– Loss in reputation and public (donor) confidence– Loss of competitive advantages– Increase in operational expenses– Violations of contract agreements– Violations of legal and regulatory requirements– Delayed income costs– Loss in revenue– Loss in productivity
Sensitive Information - Student
• Academic Records• Credit / Debit Card Number• Credit / Payment History• Criminal Records• Disciplinary Action• Driver’s License Number / License Plate• Employee Data / Resume (Career Services)• Financial Aid Status• Income or Spending Habits• Insurance Information (e.g., policy #)
Sensitive Information - Student
• Public Safety Incident Data• Parent Biographical Data• Scholarship Information• Social Security Number (SSN)• Student Activities• Student Banking Information• Student Biographical Data• Student Counseling Records• Student Health Records
Sensitive Information – Employee
• Academic Records• Benefits Coverage• Credit / Debit Card Number• Credit / Payment History• Criminal Records• Disciplinary Action• Driver’s License Number / License Plate• Employee Banking Information
Sensitive Information – Employee
• Employee Biographical Data (e.g., spouse/children)
• Income or Spending Habits• Payroll• Performance Reviews• Scholarship Information• Social Security Number (SSN)• Tax Information
Sensitive Information - Donor
• Academic Information• Credit / Debit Card Number• Credit / Payment History• Donor Banking Information• Donor Biographical Data• Driver’s License Number / License Plate• Event / Ticketing / Travel
Sensitive Information - Donor
• Gift Data• Giving Society Memberships• Income or Spending Habits• Insurance Information• Prospect Data• Real Estate / Securities• Social Security Number (SSN)
Sensitive Information – Financial
• Accounts Payable Records• Contract Data• Copies / Images of Cleared Checks• Copies / Images of Deposited Checks• Credit Card Data• Expense Reports• Financial Reports
Sensitive Information - Financial
• Procurement Data• Tax Data• University Banking Data• University Budgets• University Investment Data• Wire / ACH Instructions
Safer Web Browsing Using Firefox
• Intranet (*.scranton.edu)– Internet Explorer 7
• Internet (anything other than *.scranton.edu)– Firefox 3.5.x– Plugin Checkerhttp://www.mozilla.com/en-US/plugincheck/
Office Security
• Keep your office locked even if you just step out for a minute
• Don’t leave valuables in plain view• Consider taking your laptop home with you • Report suspicious activity immediately• If the building is locked, don’t let someone you don’t
know into the building• Don’t become so absorbed in what you are doing that you
don’t notice the activity around you• Confidential documents should be put away and not left
visible and unattended on work desks
Office Computer Security
• Computer screens should be angled so visitors can’t see sensitive information
• Shutdown every night• Unplug over holidays• Use Laptop Locks• Backup Storage
Logoff when you leave
To Lock Down Windows XP Click Ctrl+Alt+Delete Select "Lock Workstation" This will bring up your login screen and lock your computer down
Windows XP shortcut: Click the Windows key (the flying window key at the bottom of the key board) and the L key. This will bring up your login screen and lock your computer down.
To Lock Down Windows Vista at homeGo to the Start menuAt the bottom right you'll see an icon of a padlockClick it to lock the computer
Student Use of Office Computers
• Designated Student Computers• Secure storage space• Check Student PC Periodically• Confidentially Agreements
Why You Need a Secure Password
• Authenticate or prove your identity• Malicious e-mail sent in your name• Your password can be used to commit fraud,
post child pornography, send spam, make threats, break into other systems, and much more.
Protect Your Password
• Select a unique password• Avoid any password with personal information:• Birth date, name, home town, or mother's maiden
name • Children’s name, pet's name, or your best friend • Driver's License, phone, address, license plate,
social security number, or PIN numbers• Don’t write down your password• Don’t tell anyone your password
Common Password Mistakes
changemepasswordstartcomputerinternetihavenopassmypasswordopenupscrantonLetmein123456
Creating a Secure Password
• Use 9 or more characters• DO NOT use plain dictionary words• Include at least 3 of the following criteria:– lowercase letters– UPPERCASE letters– Numbers– Punctuation
• 4S&7yaofb4th
Passwords are like Underwear…
• Change Yours Often!• Don't Share Them with Friends!• Be Mysterious!• The Longer the Better!• Don’t Leave Yours Lying Around!
Consider these findings...
• More than 40% of all individually-chosen passwords are readily guessed by someone who knows you
• 3,000 out of 13,000 passwords cracked• Gaining access to one password often
provides access to other systems and accounts
How Passwords are Cracked
• Dictionary programs• Changing the default password• Guessable passwords• Commonly-chosen passwords• Short passwords
Tips for strong passwords...
• DON'T use your login name in any form• DON'T use a password made up of all digits,
or of all the same letter• DON'T use words in the dictionary• DON'T use consecutive or adjacent keys• DON'T use "remember my password
features"
Tips for strong passwords...
• DO include a mix of upper and lower case, numbers, and punctuation such as HY?j4iP or 3rt!dlP
• DO use a password that you can type quickly without having to look at the keyboard
• DO change your password regularly
Royal Drive
• What is it?• Who should use it? • How do you get to it?• Why should you use it?• Royal Drive is used in over 120 colleges and
universities throughout the country including Georgetown, Boston College, Harvard, Princeton and Yale.
Royal Drive Benefits
• Secure Storage• Document Sharing/Collaboration• Intellitach
Encryption
• Encryption is the process of encoding data to ensure that unauthorized parties cannot view it.
• To accomplish encryption, a key or code provided by you is used to encrypt the data, making encryption difficult to crack.
• A few encryption options are readily available to you.
ENCRYPTION OF FILES
USB ENCRYPTION
TrueCrypt
• Software application used for real-time on-the-fly encryption
• Free, open-source software available for Windows 7/Vista/XP, Mac OS X, and Linux
• Encrypts an entire partition or storage device such as a USB Flash Device (UFD) or hard drive
• Creates a virtual encrypted disk within a file and mounts it as a real disk
TrueCrypt UFD Encryption Service
• The TSC does not provide UFDs. You will need to purchase and take a UFD with you.
• The encryption process will destroy any existing data on the UFD.
• During the encryption process, you will be prompted to enter a password for your device. TSC staff will encourage you to select a password that is 20 characters or more in length. Determining the password you intend to use before you visit the TSC is recommended.
• When complete your original UFD will contain an encrypted TrueCrypt volume and TrueCrypt Traveler Disk Software.
MCAFEE VIRUSSCANENTERPRISE 8.7I
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise
Home Tools
• Microsoft Security Essentials– http://www.microsoft.com/Security_Essentials/
• MalwareBytes– http://www.malwarebytes.org/
• SUPERAntiSpyware– http://www.superantispyware.com/
• Secunia PSI– http://secunia.com/vulnerability_scanning/
• CCleaner– http://www.ccleaner.com/
Q &A???
Next IT Forum
Topic: Windows 7Date: November 24, 2009Time: 11:30am – 1:00pmLocation: BRN 509RSVP: [email protected] will be provided
And the Winners are…….